Method and Apparatus for Performing Network Address Translation

US 20110182290A1
Filed: 01/21/2011
Published: 07/28/2011
Est. Priority Date: 09/08/2009
Status: Active Grant

First Claim

Patent Images

1. A method for performing network address translation, the method comprising:

storing history of characteristics of inbound traffic packets transmitted to a particular destination, optionally across multiple users;

employing pattern matching to compare characteristics of subsequent inbound traffic packets to the history; and

disambiguating the characteristics of the subsequent inbound traffic packets to determine for the particular destination associated with the subsequent inbound traffic packets based on the pattern matching.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of the invention is a method and corresponding system for improved network address translation (NAT) operation, to enable efficient translation for packets destined for communication systems within a domain utilizing network addresses that are incompatible with source and destination addresses indicated in packets delivered from the global Internet. Since the addresses are not compatible with global Internet addresses, delivery cannot be accomplished except by some method of address translation. Traditional systems have not been constructed to enable such inbound translations, providing, instead, only communication outbound from the incompatibly addressed domain towards the global Internet. The example embodiment employs history and pattern matching between observable characteristics of the inbound payload, associated over time with specific destinations. The example embodiment may also employ DPI search techniques known from widely deployed systems in use today, to identify a field on which the pattern matching may operate.

155 Citations

29 Claims

1. A method for performing network address translation, the method comprising:
- storing history of characteristics of inbound traffic packets transmitted to a particular destination, optionally across multiple users;
  
  employing pattern matching to compare characteristics of subsequent inbound traffic packets to the history; and
  
  disambiguating the characteristics of the subsequent inbound traffic packets to determine for the particular destination associated with the subsequent inbound traffic packets based on the pattern matching.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method according to claim 1 further comprising:
    - maintaining records about certain fields of traffic packets with incoming payloads having characteristics of a flow in which flow translation in a network address translation (NAT) device has been initialized; and
      
      using the history and records in combination to disambiguate the traffic packets in the network address translation device.
  - 3. The method according to claim 1, further identifying candidate tags within the certain fields that are relevant to a destination, wherein disambiguating the traffic packets includes comparing a combination of traffic packet header information and candidate tags to the records.
  - 4. The method according to claim 1 further including collecting resource identifiers by parsing traffic flow management algorithms or state machines to monitor progress of a negotiation between two peers for establishment of a corresponding resource identifier transmission.
  - 5. The method according to claim 1 further including, for flows that have timed out, inspecting the payload of traffic packets for information that can be uniquely associated with one specific destination for the payload.
  - 6. The method according to claim 1, further including:
    - isolating and tabulating statistics for certain fields of application protocol messages; and
      
      using at least one statistic to disambiguate traffic packets with a resource identifier more or most likely to be determined to be associated with the records.
  - 7. The method according to claim 1 further including using deep packet inspection to obtain data from the certain fields, to obtain the resource identifier, or both.
  - 8. The method according to claim 1 wherein a public address of the NAT device is within a legacy protocol and a private address of the NAT device is within an updated version of the legacy protocol.
  - 9. The method according to claim 8, wherein the public address is an IPv4 address and the private address is an IPv6 address.
  - 10. The method according to claim 1, wherein a public address of the NAT device is an IPv4 address and a private address of the NAT device is within an IPv4 address.
  - 11. The method according to claim 1 wherein, for resource handling both known to the NAT device and making a resource identifier available, storing the resource identifier as being associated with a destination hosting a corresponding application.
  - 12. The method according to claim 1 further including recording resource identifiers along with an indication about a degree of certainty of correspondence with respective destinations.
  - 13. The method according to claim 1 applied to a Bit Torrent protocol or similarly functioning protocol.
  - 14. The method according to claim 1 wherein the characteristics of the inbound traffic packets and subsequent inbound traffic packets includes contents of a traffic packet header and payload, certain fields associated with the traffic packet, access patterns, and contextual information.
  - 15. The method according to claim 1 wherein contextual information includes time of day and geographical location associated with the inbound traffic packets.
  - 16. The method according to claim 1 applied to peer-to-peer communication.

17. A network device for performing network address translation, the network device comprising:
- a storage module configured to store history of access patterns to destinations, optionally across multiple users;
  
  a comparison module configured to employ pattern matching to compare characteristics of subsequent inbound traffic packets to the history; and
  
  a disambiguator module configured to use the history to disambiguate a traffic packet in a network address translation (NAT) device.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 18. The network device of claim 17 further comprising:
    - a maintenance module configured to maintain records about certain fields of traffic packets with incoming payloads associated with a flow in which translation in the NAT device has been initialized; and
      
      wherein the disambiguator module is further configured to use the history and records in combination to disambiguate the traffic packet in the NAT device.
  - 19. The network device of claim 17 further comprising an identification module operably interconnected to the disambiguator module and configured to identify candidate tags within certain fields of the traffic packet that are relevant to a destination.
  - 20. The network device of claim 19 wherein the disambiguator module is further configured to compare a combination of traffic packet header information and the identified candidate tags to the maintained records.
  - 21. The network device of claim 17 further comprising a collection module configured to collect resource identifiers by parsing traffic flow management algorithms or state machines, the collection module being operably interconnected to a monitor configured to monitor progress of a negotiation between two peer applications for establishment of a corresponding resource identifier transmission.
  - 22. The network device of claim 17 wherein the disambiguator module is further includes:
    - a statistics module configured to isolate and tabulate statistics for certain fields of application protocol messages; and
      
      wherein the disambiguator module is further configured to use at least one statistic to disambiguate the traffic packet with a resource identifier more or most likely to be determined to be associated with the records.
  - 23. The network device of claim 17 further comprising a deep packet inspection (DPI) module to obtain data from the certain fields, obtain the resource identifier, or both.
  - 24. The network device of claim 17 wherein a public address of the NAT device is within a legacy protocol and a private address of the NAT device is within an updated version of the legacy protocol.
  - 25. The network device of claim 24 wherein the public address is an Internet Protocol version 4 (IPv4) address and the private address is an Internet Protocol version 6 (IPv6) address.
  - 26. The network device of claim 25 wherein the public address of the NAT device is the IPv4 address and the private address of the NAT device is within the IPv4 address.
  - 27. The network device of claim 17 wherein the storage module is further configured, for resource handling both known to the NAT device and making a resource identifier available, to store the resource identifier as being associated with a destination hosting a corresponding application.
  - 28. The network device of claim 17 further comprising a recordation module to record resource identifiers along with an indication about a degree of certainty of correspondence with respective destinations.

29. A computer program product including a non-transitory computer readable medium having computer readable instructions to perform network address translation, wherein the computer readable instructions, when executed by a processor, cause the processor to:
- store history of characteristics of inbound traffic packets associated with a particular destination, optionally across multiple users;
  
  employ pattern matching to compare characteristics of subsequent inbound traffic packets to the history; and
  
  disambiguate the characteristics of the subsequent inbound traffic packets to determine for the particular destination associated with the subsequent inbound traffic packets using the history.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WiChorus, Inc. (Infinera Corp.)
Original Assignee
WiChorus, Inc. (Infinera Corp.)
Inventors
Perkins, Charles E.

Granted Patent

US 8,942,233 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 43/028   by filtering

H04L 61/2514   between local and global IP...

H04L 61/256   NAT traversal

H04L 61/4511   using domain name system [DNS]

Method and Apparatus for Performing Network Address Translation

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for Performing Network Address Translation

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links